1. Field
The present invention relates to the field of cryptography. More particularly, the present invention relates to a cryptographic packet processing unit and its associated method of operation.
2. General Background
Over the last decade, computers have become an important product for both commercial and personal use, in part due to their versatility. For example, computers are commonly used as a vehicle to transfer information over a communication link such as private networks or public networks. "Private networks" include a local area network or any network having restricted access, while "public networks" include the Internet or any network allowing access to the public at large. In many situations, it may be desirable to encrypt digital information prior to transmission over the communication link so that the transmitted information is clear and unambiguous to a targeted recipient, but is incomprehensible to any illegitimate interlopers.
In 1981, the National Institute of Standards and Technology approved a data security process referred to as the "Data Encryption Standard." The Data Encryption Standard (DES) is a cryptographic function for encrypting and decrypting digital information through the use of a single, unique key. To ensure security of the transmitted information, the nature of the key is held in confidence between the source and the targeted recipient. DES is described in a Federal Information Processing Standards Publication (FIPS PUB 46-2) entitled "Data Encryption Standard (DES)" which was published on or around Dec. 30, 1993.
Currently, as shown in FIG. 1, a standard system 100 for supporting DES cryptography is shown. The system 100 comprises a DES cryptographic engine 110, which includes hardware and/or software responsible for encrypting or decrypting incoming data in accordance with the DES function. Within system 100, DES cryptographic engine 110 receives an incoming data stream fetched from a memory unit 120 by a memory controller 130. DES cryptographic engine 110 obtains a key from a separate cache memory 140 and performs a cryptographic operation on the incoming data stream based on the key received from cache memory 140.
The preformance of hardware might be improved when supporting video content streaming or other data streaming in which many keys are used in quick succession. For example, one disadvantage is that key management logic becomes more complex, especially when coordinating the proper usage of a large number of keys in quick succession. Another disadvantage is that the use of a small cache memory 140 for key storage is less efficient that using memory unit 120, in part due to overhead constraints associated with memory.
Hence, it would be desirable to create a cryptographic packet processing unit that is capable of utilizing memory unit 120 for key storage.